diff --git a/joe-3.7-format-security.patch b/joe-3.7-format-security.patch
new file mode 100644
index 0000000..6d7d1d9
--- /dev/null
+++ b/joe-3.7-format-security.patch
@@ -0,0 +1,162 @@
+diff -upr joe-3.7.orig/b.c joe-3.7/b.c
+--- joe-3.7.orig/b.c	2008-11-02 21:59:06.000000000 +0100
++++ joe-3.7/b.c	2013-12-11 12:46:16.476342506 +0100
+@@ -2994,7 +2994,7 @@ RETSIGTYPE ttsig(int sig)
+ 			if (b->name)
+ 				fprintf(ttsig_f, (char *)joe_gettext(_("\n*** File \'%s\'\n")), b->name);
+ 			else
+-				fprintf(ttsig_f, (char *)joe_gettext(_("\n*** File \'(Unnamed)\'\n")));
++				fprintf(ttsig_f, "%s", (char *)joe_gettext(_("\n*** File \'(Unnamed)\'\n")));
+ 			fflush(ttsig_f);
+ 			bsavefd(b->bof, fileno(ttsig_f), b->eof->byte);
+ 		}
+diff -upr joe-3.7.orig/cmd.c joe-3.7/cmd.c
+--- joe-3.7.orig/cmd.c	2008-11-02 02:31:59.000000000 +0100
++++ joe-3.7/cmd.c	2013-12-11 12:51:28.986628113 +0100
+@@ -231,7 +231,7 @@ int steal_lock(BW *bw,int c,B *b,int *no
+ 			if(bf1[0])
+ 				joe_snprintf_1(bf,sizeof(bf),joe_gettext(LOCKMSG1),bf1);
+ 			else
+-				joe_snprintf_0(bf,sizeof(bf),joe_gettext(LOCKMSG2));
++				joe_snprintf_1(bf,sizeof(bf),"%s",joe_gettext(LOCKMSG2));
+ 			if (mkqw(bw->parent, sz(bf), steal_lock, NULL, b, notify)) {
+ 				return 0;
+ 			} else {
+@@ -289,7 +289,7 @@ int try_lock(BW *bw,B *b)
+ 			if(bf1[0])
+ 				joe_snprintf_1(bf,sizeof(bf),joe_gettext(LOCKMSG1),bf1);
+ 			else
+-				joe_snprintf_0(bf,sizeof(bf),joe_gettext(LOCKMSG2));
++				joe_snprintf_1(bf,sizeof(bf),"%s",joe_gettext(LOCKMSG2));
+ 			if (mkqw(bw->parent, sz(bf), steal_lock, NULL, b, NULL)) {
+ 				uquery(bw);
+ 				if (!b->locked)
+diff -upr joe-3.7.orig/main.c joe-3.7/main.c
+--- joe-3.7.orig/main.c	2013-12-11 12:42:01.980544000 +0100
++++ joe-3.7/main.c	2013-12-11 12:52:22.190198564 +0100
+@@ -204,7 +204,7 @@ int main(int argc, char **real_argv, cha
+ 
+ #ifndef __MSDOS__
+ 	if (!(cap = my_getcap(NULL, 9600, NULL, NULL))) {
+-		fprintf(stderr, (char *)joe_gettext(_("Couldn't load termcap/terminfo entry\n")));
++		fprintf(stderr, "%s", (char *)joe_gettext(_("Couldn't load termcap/terminfo entry\n")));
+ 		return 1;
+ 	}
+ #endif
+@@ -356,7 +356,7 @@ int main(int argc, char **real_argv, cha
+ 	donerc:
+ 
+ 	if (validate_rc()) {
+-		fprintf(stderr,(char *)joe_gettext(_("rc file has no :main key binding section or no bindings.  Bye.\n")));
++		fprintf(stderr,"%s",(char *)joe_gettext(_("rc file has no :main key binding section or no bindings.  Bye.\n")));
+ 		return 1;
+ 	}
+ 
+diff -upr joe-3.7.orig/rc.c joe-3.7/rc.c
+--- joe-3.7.orig/rc.c	2008-11-02 21:33:45.000000000 +0100
++++ joe-3.7/rc.c	2013-12-11 12:53:05.463851142 +0100
+@@ -1489,9 +1489,9 @@ int procrc(CAP *cap, unsigned char *name
+ 
+ 	/* Print proper ending string */
+ 	if (err)
+-		fprintf(stderr, (char *)joe_gettext(_("\ndone\n")));
++		fprintf(stderr, "%s", (char *)joe_gettext(_("\ndone\n")));
+ 	else
+-		fprintf(stderr, (char *)joe_gettext(_("done\n")));
++		fprintf(stderr, "%s", (char *)joe_gettext(_("done\n")));
+ 
+ 	return err;		/* 0 for success, 1 for syntax error */
+ }
+diff -upr joe-3.7.orig/scrn.c joe-3.7/scrn.c
+--- joe-3.7.orig/scrn.c	2008-11-01 04:00:33.000000000 +0100
++++ joe-3.7/scrn.c	2013-12-11 12:53:46.552522391 +0100
+@@ -717,7 +717,7 @@ SCRN *nopen(CAP *cap)
+ 	signrm();
+         fprintf(stderr,"cm=%p ch=%p cv=%p ho=%p lf=%p DO=%p ll=%p up=%p UP=%p cr=%p\n",
+                        t->cm, t->ch, t->cv, t->ho, t->lf, t->DO, t->ll, t->up, t->UP, t->cr);
+-	fprintf(stderr,(char *)joe_gettext(_("Sorry, your terminal can't do absolute cursor positioning.\nIt's broken\n")));
++	fprintf(stderr,"%s",(char *)joe_gettext(_("Sorry, your terminal can't do absolute cursor positioning.\nIt's broken\n")));
+ 	return NULL;
+       ok:
+ 
+diff -upr joe-3.7.orig/termcap.c joe-3.7/termcap.c
+--- joe-3.7.orig/termcap.c	2006-07-19 16:07:43.000000000 +0200
++++ joe-3.7/termcap.c	2013-12-11 12:54:05.290372747 +0100
+@@ -213,7 +213,7 @@ CAP *my_getcap(unsigned char *name, unsi
+  joe_free(cap);
+  return 0;
+ */
+-		fprintf(stderr, (char *)joe_gettext(_("Couldn't load termcap entry.  Using ansi default\n")));
++		fprintf(stderr, "%s", (char *)joe_gettext(_("Couldn't load termcap entry.  Using ansi default\n")));
+ 		ti = 0;
+ 		cap->tbuf = vsncpy(cap->tbuf, 0, sc(defentry));
+ 		goto checktc;
+diff -upr joe-3.7.orig/tty.c joe-3.7/tty.c
+--- joe-3.7.orig/tty.c	2013-12-11 12:42:01.979544000 +0100
++++ joe-3.7/tty.c	2013-12-11 12:54:50.542011905 +0100
+@@ -326,7 +326,7 @@ void ttopnn(void)
+ 
+ 	if (!termin) {
+ 		if (idleout ? (!(termin = stdin) || !(termout = stdout)) : (!(termin = fopen("/dev/tty", "r")) || !(termout = fopen("/dev/tty", "w")))) {
+-			fprintf(stderr, (char *)joe_gettext(_("Couldn\'t open /dev/tty\n")));
++			fprintf(stderr, "%s", (char *)joe_gettext(_("Couldn\'t open /dev/tty\n")));
+ 			exit(1);
+ 		} else {
+ #ifdef SIGWINCH
+@@ -743,7 +743,7 @@ int ttshell(unsigned char *cmd)
+ 		if (cmd)
+ 			execl((char *)s, (char *)s, "-c", cmd, NULL);
+ 		else {
+-			fprintf(stderr, (char *)joe_gettext(_("You are at the command shell.  Type 'exit' to return\n")));
++			fprintf(stderr, "%s", (char *)joe_gettext(_("You are at the command shell.  Type 'exit' to return\n")));
+ 			execl((char *)s, (char *)s, NULL);
+ 		}
+ 		_exit(0);
+@@ -807,7 +807,7 @@ void ttsusp(void)
+ 	omode = ttymode;
+ 	mpxsusp();
+ 	ttclsn();
+-	fprintf(stderr, (char *)joe_gettext(_("You have suspended the program.  Type 'fg' to return\n")));
++	fprintf(stderr, "%s", (char *)joe_gettext(_("You have suspended the program.  Type 'fg' to return\n")));
+ 	kill(0, SIGTSTP);
+ #ifdef junk
+ 	/* Hmmm... this should not have been necessary */
+diff -upr joe-3.7.orig/uerror.c joe-3.7/uerror.c
+--- joe-3.7.orig/uerror.c	2006-07-19 02:27:13.000000000 +0200
++++ joe-3.7/uerror.c	2013-12-11 12:58:25.382304276 +0100
+@@ -327,7 +327,7 @@ int parserrb(B *b)
+ 	if (n)
+ 		joe_snprintf_1(msgbuf, JOE_MSGBUFSIZE, joe_gettext(_("%d messages found")), n);
+ 	else
+-		joe_snprintf_0(msgbuf, JOE_MSGBUFSIZE, joe_gettext(_("No messages found")));
++		joe_snprintf_1(msgbuf, JOE_MSGBUFSIZE, "%s", joe_gettext(_("No messages found")));
+ 	msgnw(bw->parent, msgbuf);
+ 	return 0;
+ }
+@@ -341,7 +341,7 @@ int uparserr(BW *bw)
+ 	if (n)
+ 		joe_snprintf_1(msgbuf, JOE_MSGBUFSIZE, joe_gettext(_("%d messages found")), n);
+ 	else
+-		joe_snprintf_0(msgbuf, JOE_MSGBUFSIZE, joe_gettext(_("No messages found")));
++		joe_snprintf_1(msgbuf, JOE_MSGBUFSIZE, "%s", joe_gettext(_("No messages found")));
+ 	msgnw(bw->parent, msgbuf);
+ 	return 0;
+ }
+diff -upr joe-3.7.orig/ufile.c joe-3.7/ufile.c
+--- joe-3.7.orig/ufile.c	2013-12-11 12:42:01.976544000 +0100
++++ joe-3.7/ufile.c	2013-12-11 12:59:14.713912755 +0100
+@@ -62,11 +62,11 @@ void genexmsgmulti(BW *bw, int saved, in
+ {
+ 	if (saved)
+ 		if (skipped)
+-			joe_snprintf_0(msgbuf, JOE_MSGBUFSIZE, joe_gettext(_("Some files have not been saved.")));
++			joe_snprintf_1(msgbuf, JOE_MSGBUFSIZE, "%s", joe_gettext(_("Some files have not been saved.")));
+ 		else
+-			joe_snprintf_0(msgbuf, JOE_MSGBUFSIZE, joe_gettext(_("All modified files have been saved.")));
++			joe_snprintf_1(msgbuf, JOE_MSGBUFSIZE, "%s", joe_gettext(_("All modified files have been saved.")));
+ 	else
+-		joe_snprintf_0(msgbuf, JOE_MSGBUFSIZE, joe_gettext(_("No modified files, so no updates needed.")));
++		joe_snprintf_1(msgbuf, JOE_MSGBUFSIZE, "%s", joe_gettext(_("No modified files, so no updates needed.")));
+ 
+ 	msgnw(bw->parent, msgbuf);
+ 
diff --git a/joe.spec b/joe.spec
index 6fae52d..2d6704a 100644
--- a/joe.spec
+++ b/joe.spec
@@ -1,7 +1,7 @@
 Summary: An easy to use, modeless text editor
 Name: joe
 Version: 3.7
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: GPLv2+
 Group: Applications/Editors
 URL: http://sourceforge.net/projects/joe-editor/
@@ -15,6 +15,7 @@ Patch2: joe-3.5-time.patch
 Patch3: joe-3.7-orphan.patch
 Patch4: joe-3.7-indent-ow.patch
 Patch5: joe-3.7-aarch64.patch
+Patch6: joe-3.7-format-security.patch
 
 BuildRequires: ncurses-devel libselinux-devel
 
@@ -31,6 +32,7 @@ environment.
 %patch3 -p1 -b .orphan
 %patch4 -p1 -b .of
 %patch5 -p1 -b .aarch64
+%patch6 -p1 -b .format-security
 iconv -f koi8-r -t utf-8 ./man/ru/joe.1.in >./man/ru/joe.1.in.aux
 touch -r ./man/ru/joe.1.in ./man/ru/joe.1.in.aux
 mv ./man/ru/joe.1.in.aux ./man/ru/joe.1.in
@@ -66,6 +68,10 @@ popd
 %{_datadir}/%{name}
 
 %changelog
+* Wed Dec 11 2013 Peter Schiffer <pschiffe@redhat.com> - 3.7-14
+- resolves: #1037147
+  fixed FTBFS after enabling "-Werror=format-security" flag
+
 * Wed Aug 07 2013 Ralf Corsépius <corsepiu@fedoraproject.org> - 3.7-13
 - Reflect %%docdir changes (FTBFS RHBZ #992634).
 - Append --docdir to %%configure.
@@ -248,10 +254,10 @@ we maintained.  Added patch from #80657 from Hans de Goede.
 - Added fix for #80673 - 'restrict' (C99 keyword) used as variable.
 - Fixed build bugs on i386.
 
-* Tue Nov 11 2002 Lon Hohberger <lhh@redhat.com> 2.9.7-9
+* Mon Nov 11 2002 Lon Hohberger <lhh@redhat.com> 2.9.7-9
 - Fixed zero-byte rc file hang.
 
-* Tue Nov 06 2002 Lon Hohberger <lhh@redhat.com> 2.9.7-8
+* Wed Nov 06 2002 Lon Hohberger <lhh@redhat.com> 2.9.7-8
 - Cleaned up warnings on ppc/ia32/ia64.
 - Fixed help message.
 - Fixed bugs on ia64 and ppc architectures.